Mailing List Archive: NTop: Users

Local Matrix with --no-mac

Index | Next | Previous | View Threaded

bdwest1 at yahoo

May 30, 2008, 7:25 PM

Post #1 of 6 (1676 views)
Permalink

Local Matrix with --no-mac

I've just started using ntop, and found it quite useful. One thing I would like to do is to understand which hosts are communicating the most with other hosts on the LAN. Because I'm using span to mirror traffic, I use the no-mac flag to ensure the IP's are used instead of the MAC addresses, as they are unreliable in this case. However, this disables the traffic matrix feature, which provides the information I wish to see. Is there another way to get this information, or some way to enable the traffic matrix when using the no-mac flag?
Thanks for your help.
-Braxton

Ggatten at waddell

Jun 17, 2008, 2:53 PM

Post #2 of 6 (1597 views)
Permalink

Re: Local Matrix with --no-mac [In reply to]

Any solution to this?

________________________________

From: ntop-bounces [at] unipi [mailto:ntop-bounces [at] unipi] On Behalf Of
Braxton West
Sent: Friday, May 30, 2008 9:26 PM
To: ntop [at] unipi
Subject: [Ntop] Local Matrix with --no-mac

I've just started using ntop, and found it quite useful. One thing I
would like to do is to understand which hosts are communicating the most
with other hosts on the LAN. Because I'm using span to mirror traffic,
I use the no-mac flag to ensure the IP's are used instead of the MAC
addresses, as they are unreliable in this case. However, this disables
the traffic matrix feature, which provides the information I wish to
see. Is there another way to get this information, or some way to
enable the traffic matrix when using the no-mac flag?

Thanks for your help.

-Braxton

<font size="1">
<div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in 0in 1.0pt 0in'>
</div>
"This email is intended to be reviewed by only the intended recipient
and may contain information that is privileged and/or confidential.
If you are not the intended recipient, you are hereby notified that
any review, use, dissemination, disclosure or copying of this email
and its attachments, if any, is strictly prohibited. If you have
received this email in error, please immediately notify the sender by
return email and delete this email from your system."
</font>

bdwest1 at yahoo

Jun 18, 2008, 2:20 PM

Post #3 of 6 (1561 views)
Permalink

Re: Local Matrix with --no-mac [In reply to]

No solution yet from my side. Any one else have any thoughts?

----- Original Message ----
From: Gary Gatten <Ggatten [at] waddell>
To: ntop [at] unipi
Sent: Tuesday, June 17, 2008 5:53:24 PM
Subject: Re: [Ntop] Local Matrix with --no-mac

Any solution to this?

________________________________

From:ntop-bounces [at] unipi [mailto:ntop-bounces [at] unipi] On Behalf Of Braxton West
Sent: Friday, May 30, 2008 9:26 PM
To: ntop [at] unipi
Subject: [Ntop] Local Matrix with --no-mac

I've just started using ntop, and found it quite useful. One thing I would like to do is to understand which hosts are communicating the most with other hosts on the LAN. Because I'm using span to mirror traffic, I use the no-mac flag to ensure the IP's are used instead of the MAC addresses, as they are unreliable in this case. However, this disables the traffic matrix feature, which provides the information I wish to see. Is there another way to get this information, or some way to enable the traffic matrix when using the no-mac flag?

Thanks for your help.

-Braxton
"This email is intended to be reviewed by only the intended recipient and may contain information that is privileged and/or confidential. If you are not the intended recipient, you are hereby notified that any review, use, dissemination, disclosure or copying of this email and its attachments, if any, is strictly prohibited. If you have received this email in error, please immediately notify the sender by return email and delete this email from your system."

Ggatten at waddell

Jun 18, 2008, 3:00 PM

Post #4 of 6 (1558 views)
Permalink

Re: Local Matrix with --no-mac [In reply to]

I use netflow and also have the -no-mac flag, but mostly it's a hold
over from when I was also using a span port. On rare occasions I'll get
a local matrix to work, but most often I get the "No Data To Display
(yet)" message - even though it's been running for days/weeks/months.

Next time nTop blows up I'll try removing the no mac flag and see what
happens.

I don't know of another way to view this info unless you look at each
host and gather the data manually.

G

________________________________

From: ntop-bounces [at] unipi [mailto:ntop-bounces [at] unipi] On Behalf Of
Braxton West
Sent: Wednesday, June 18, 2008 4:21 PM
To: ntop [at] unipi
Subject: Re: [Ntop] Local Matrix with --no-mac

No solution yet from my side. Any one else have any thoughts?

----- Original Message ----
From: Gary Gatten <Ggatten [at] waddell>
To: ntop [at] unipi
Sent: Tuesday, June 17, 2008 5:53:24 PM
Subject: Re: [Ntop] Local Matrix with --no-mac

Any solution to this?

________________________________

From: ntop-bounces [at] unipi [mailto:ntop-bounces [at] unipi] On Behalf Of
Braxton West
Sent: Friday, May 30, 2008 9:26 PM
To: ntop [at] unipi
Subject: [Ntop] Local Matrix with --no-mac

I've just started using ntop, and found it quite useful. One thing I
would like to do is to understand which hosts are communicating the most
with other hosts on the LAN. Because I'm using span to mirror traffic,
I use the no-mac flag to ensure the IP's are used instead of the MAC
addresses, as they are unreliable in this case. However, this disables
the traffic matrix feature, which provides the information I wish to
see. Is there another way to get this information, or some way to
enable the traffic matrix when using the no-mac flag?

Thanks for your help.

-Braxton

"This email is intended to be reviewed by only the intended recipient
and may contain information that is privileged and/or confidential. If
you are not the intended recipient, you are hereby notified that any
review, use, dissemination, disclosure or copying of this email and its
attachments, if any, is strictly prohibited. If you have received this
email in error, please immediately notify the sender by return email and
delete this email from your system."

<font size="1">
<div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in 0in 1.0pt 0in'>
</div>
"This email is intended to be reviewed by only the intended recipient
and may contain information that is privileged and/or confidential.
If you are not the intended recipient, you are hereby notified that
any review, use, dissemination, disclosure or copying of this email
and its attachments, if any, is strictly prohibited. If you have
received this email in error, please immediately notify the sender by
return email and delete this email from your system."
</font>

deri at ntop

Jun 19, 2008, 6:15 AM

Post #5 of 6 (1559 views)
Permalink

Re: Local Matrix with --no-mac [In reply to]

Braxton
can you please send the whole CLI you used in your tests?

Luca

----
Luca Deri <deri [at] ntop>

You must be the change you want to see in the world
Mahatma Gandhi

On Jun 18, 2008, at 11:20 PM, Braxton West wrote:

> No solution yet from my side. Any one else have any thoughts?
>
>
>
> ----- Original Message ----
> From: Gary Gatten <Ggatten [at] waddell>
> To: ntop [at] unipi
> Sent: Tuesday, June 17, 2008 5:53:24 PM
> Subject: Re: [Ntop] Local Matrix with --no-mac
>
> Any solution to this?
>
> From: ntop-bounces [at] unipi [mailto:ntop-bounces [at] unipi] On Behalf
> Of Braxton West
> Sent: Friday, May 30, 2008 9:26 PM
> To: ntop [at] unipi
> Subject: [Ntop] Local Matrix with --no-mac
>
> I've just started using ntop, and found it quite useful. One thing
> I would like to do is to understand which hosts are communicating
> the most with other hosts on the LAN. Because I'm using span to
> mirror traffic, I use the no-mac flag to ensure the IP's are used
> instead of the MAC addresses, as they are unreliable in this case.
> However, this disables the traffic matrix feature, which provides
> the information I wish to see. Is there another way to get this
> information, or some way to enable the traffic matrix when using the
> no-mac flag?
>
> Thanks for your help.
>
> -Braxton
>
> "This email is intended to be reviewed by only the intended
> recipient and may contain information that is privileged and/or
> confidential. If you are not the intended recipient, you are hereby
> notified that any review, use, dissemination, disclosure or copying
> of this email and its attachments, if any, is strictly prohibited.
> If you have received this email in error, please immediately notify
> the sender by return email and delete this email from your system."
>
> _______________________________________________
> Ntop mailing list
> Ntop [at] unipi
> http://listgateway.unipi.it/mailman/listinfo/ntop

_______________________________________________
Ntop mailing list
Ntop [at] unipi
http://listgateway.unipi.it/mailman/listinfo/ntop

bdwest1 at yahoo

Jun 21, 2008, 7:07 AM

Post #6 of 6 (1550 views)
Permalink

Re: Local Matrix with --no-mac [In reply to]

Luca,
The command I used was:
/usr/local/ntop/bin/ntop -w 80 -P /usr/local/ntop/share/ntop -u ntop_user -L -d -c -o -i eth0 -g -m "....."
where the -m argument had 4 subnets in CIDR format.
I wanted to see how the hosts in those subnets communicated with each other, and the traffic matrix presented a nice way to do this. But, it appears the -o option disables the traffic matrix.
Thanks,
Braxton

----- Original Message ----
From: Luca Deri <deri [at] ntop>
To: ntop [at] unipi
Sent: Thursday, June 19, 2008 9:15:14 AM
Subject: Re: [Ntop] Local Matrix with --no-mac

Braxton
can you please send the whole CLI you used in your tests?

Luca

----
Luca Deri <deri [at] ntop>

You must be the change you want to see in the world
Mahatma Gandhi

On Jun 18, 2008, at 11:20 PM, Braxton West wrote:

> No solution yet from my side. Any one else have any thoughts?
>
>
>
> ----- Original Message ----
> From: Gary Gatten <Ggatten [at] waddell>
> To: ntop [at] unipi
> Sent: Tuesday, June 17, 2008 5:53:24 PM
> Subject: Re: [Ntop] Local Matrix with --no-mac
>
> Any solution to this?
>
> From: ntop-bounces [at] unipi [mailto:ntop-bounces [at] unipi] On Behalf
> Of Braxton West
> Sent: Friday, May 30, 2008 9:26 PM
> To: ntop [at] unipi
> Subject: [Ntop] Local Matrix with --no-mac
>
> I've just started using ntop, and found it quite useful. One thing
> I would like to do is to understand which hosts are communicating
> the most with other hosts on the LAN. Because I'm using span to
> mirror traffic, I use the no-mac flag to ensure the IP's are used
> instead of the MAC addresses, as they are unreliable in this case.
> However, this disables the traffic matrix feature, which provides
> the information I wish to see. Is there another way to get this
> information, or some way to enable the traffic matrix when using the
> no-mac flag?
>
> Thanks for your help.
>
> -Braxton
>
> "This email is intended to be reviewed by only the intended
> recipient and may contain information that is privileged and/or
> confidential. If you are not the intended recipient, you are hereby
> notified that any review, use, dissemination, disclosure or copying
> of this email and its attachments, if any, is strictly prohibited.
> If you have received this email in error, please immediately notify
> the sender by return email and delete this email from your system."
>
> _______________________________________________
> Ntop mailing list
> Ntop [at] unipi
> http://listgateway.unipi.it/mailman/listinfo/ntop

_______________________________________________
Ntop mailing list
Ntop [at] unipi
http://listgateway.unipi.it/mailman/listinfo/ntop

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads